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DETAILED ACTION 



1. 



Claims 1 



22 are pending for examination. 



2. 



Claims 1 



22 are rejected. 



Claim Rejections - 35 USC § 112 



The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

Claim 19 rejected under 35 U.S.C. 1 12, second paragraph, as being indefinite for failing 
to particularly point out and distinctly claim the subject matter which applicant regards as the 
invention. The claim recites a "method", where the dependency is on a system for claim 16. For 
the sake of applying art, the examiner assumes that "The system" is the correct phrase. 

Claim 20 rejected under 35 U.S.C. 1 12, second paragraph, as being indefinite for failing 
to particularly point out and distinctly claim the subject matter which applicant regards as the 
invention. The claim recites a "claim 13" dependency, where the dependency is on a system for 
claim 16. For the sake of applying art, the examiner assumes that "claim 16" is the correct 
phrase. 



Claim 12 rejected under 35 U.S.C. 1 12, second paragraph, as being indefinite for failing 
to particularly point out and distinctly claim the subject matter which applicant regards as the 
invention. The claim recites a "multilayer ..." algorithm, where the correct phrase for the 
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abbreviation MMH is "multilinear". For the sake of applying art, the examiner assumes that 
"multilinear" is the correct phrase. 

Claim Rejections - 35 USC § 102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a printed publication in this 
or a foreign country, before the invention thereof by the applicant for a patent. 

3. Claims 1- 22 are rejected under 35 U.S.C. 102(a) as being anticipated by Ellington et al, 
U.S. Patent 6,708,218 Bl. 

4. As per claim 1 ; "A method of processing a packet having a plurality of layers, 
comprising: 

processing a first layer in accordance with a first protocol [ABSTRACT, col. 3, lines 1- 
54, col. 4,lines 25-col. 5,line 21, figures 3-1 1 and associated descriptions, whereas the 
determination of a frame as being IP frame or an IPSec frame via the MAC header and protocol 
field in the IP header as examined in the data link control layer (i.e., col. 3, lines 17-54), clearly 
encompasses the claimed limitations as broadly interpreted by the examiner]; and 

processing a second layer in accordance with a second protocol in parallel with 
processing of said first layer when processing of said first layers uncovers 

sufficient information to support processing of said second layer 
[ABSTRACT, col. 3,lines 1-54, col. 4,lines 25-col. 5,line 21, figures 3-11 and 
associated descriptions, whereas the determination of a frame as being IP frame or 
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an IPSec frame via the MAC header and protocol field in the IP header (i.e., first 
layer) as examined in the data link control (i.e., second) layer (i.e., col. 3, lines 17- 
54), clearly encompasses the claimed limitations as broadly interpreted by the 
examiner].". 

5. As per claim 2; "A method of processing a data packet according to a plurality of security 
policies, comprising the steps of: 

(a) receiving the packet; 

(b) identifying a first security policy; 

(c) processing the packet according to 

the first security policy [ABSTRACT, col. 3,lines 1-54, col. 4,lines 25-col. 5,line 
21, figures 3-11 and associated descriptions, whereas the determination of a frame as 
being IP frame or an IPSec frame via the MAC header and protocol field in the IP header 
as examined in the data link control layer (i.e., col. 3,lines 17-54) and said IPSec 
inherently uses Security association management (SA) and key exchange (i.e., first 
security policy), clearly encompasses the claimed limitations as broadly interpreted by 
the examiner]; 

(d) identifying a second security policy when 

information necessary for said identification of the second security policy 
becomes available; and 

(e) processing the packet according to 
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the second security policy, concurrently with step (c) [ABSTRACT, col. 3, lines 1- 
54, col. 4,lines 25-col. 5,line 21, figures 3-11 and associated descriptions, whereas the 
determination of a frame as being IP frame or an IPSec frame via the MAC header and 
protocol field in the IP header as examined in the data link control layer (i.e., col. 3, lines 
17-54) and said IPSec inherently uses Security association management (SA) and key 
exchange (i.e., second security policy; layer dependent), clearly encompasses the claimed 
limitations as broadly interpreted by the examiner].". 

As per claim 16, this claim is the apparatus/system for the method claim 2 above, and is 
rejected for the same reasons provided for the claim 2 rejection; "A system for processing a data 
packet according to a plurality of security policies, wherein processes that effect respective 
security policies can execute in parallel, the system comprising: 

a packet identification (PID) parser that 
identifies the packet; 

a plurality of security processing modules, each of which can process the packet 
according to 

one of the security policies in parallel with 

at least one other security processing module; and 

at least 

one feedback loop or 

feeding output of at least one of said security processing modules to 
at least one other security processing module.". 
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6. As per claim 19; this claim is the intended use embodiment of claim 16 above, and is 
rejected for the same reasons provided for the claim 16 rejection (A recitation directed to the 
manner in which a claimed apparatus is intended to be used does not distinguish the claimed 
apparatus from the prior art if prior art has the capability to do so perform (See MPEP 2114 
and Ex Parte Masham, 2 USPQ2d 1647 (1987)). The prior art is replete with references 
disclosing generally electrically equivalent embodiments such as that implemented using Digital 
Video Broadcast (DVB) descrambler hardware.); "The method of claim 16, wherein 

said security processing modules comprise 

a module for performing Digital Video Broadcast (DVB) descrambling". 

7. Claim 3 additionally recites the limitation that; "The method of claim 2, wherein 
said step (c) comprises 

decryption of data in the packet.". 
The teachings of Ellington et al suggest such limitations (ABSTRACT, col. 3,lines 1-54, col. 
4,lines 25-col. 5,line 21, figures 3-1 1 and associated descriptions, whereas the determination of a 
frame as being IP frame or an IPSec frame via the MAC header and protocol field in the IP 
header as examined in the data link control layer (i.e., col. 3,lines 17-54) and said IPSec 
inherently uses Security association management (SA) and key exchange (i.e., first security 
policy) in support of the associated encryption/decryption cryptographic functions (i.e., col. 
5,lines 13-21, (RFC) 2401, "Security Architecture for the Internet Protocol" where the 
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encryption/decryption cryptographic functions include; DES and triple DES), clearly 
encompasses the claimed limitations as broadly interpreted by the examiner.). 

8. As per claim 6; this claim is the intended use embodiment of claim 3 above, and is 
rejected for the same reasons provided for the claim 3 rejection (A recitation directed to the 
manner in which a claimed apparatus is intended to be used does not distinguish the claimed 
apparatus from the prior art if prior art has the capability to do so perform (See MPEP 2114 
and Ex Parte Masham, 2 USPQ2d 1647 (1987)). The prior art is replete with references 
disclosing generally algorithm/software implemented equivalent embodiments such as that 
implemented using the ARC4 stream cipher encryption algorithm derivative of the associated 
(RFC) 2401, "Security Architecture for the Internet Protocol" standard of Ellington et al)\ "The 
method of claim 3, wherein 

said decryption is performed according to 
the ARC4 algorithm.". 

As per claim 10, this claim is the apparatus/system for the method claim 6 above, and is 
rejected for the same reasons provided for the claim 6 rejection; "The method of claim 7, 
wherein 

said decryption is performed according to 
the ARC4 standard ". 



9. 



Claim 4 additionally recites the limitation that; "The method of claim 3, wherein 
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said decryption is performed according to 

the data encryption standard (DES) ". 
The teachings of Ellington et al suggest such limitations (ABSTRACT, col. 3,lines 1-54, col. 
4,lines 25-col. 5,line 21, figures 3-1 1 and associated descriptions, whereas the determination of a 
frame as being IP frame or an IPSec frame via the MAC header and protocol field in the IP 
header as examined in the data link control layer (i.e., col. 3, lines 17-54) and said IPSec 
inherently uses Security association management (SA) and key exchange (i.e., first security 
policy) in support of the associated encryption/decryption cryptographic functions (i.e., col. 
5,lines 13-21, (RFC) 2401, "Security Architecture for the Internet Protocol" where the 
encryption/decryption cryptographic functions include; DES and triple DES), clearly 
encompasses the claimed limitations as broadly interpreted by the examiner.). 

As per claim 17, this claim is the apparatus/system for the method claim 4 above, and is 
rejected for the same reasons provided for the claim 4 rejection; "The system of claim 16, 
wherein 

said security processing modules comprise 

a module for performing decryption according to the DES.". 

10. Claim 5 additionally recites the limitation that; "The method of claim 3, wherein 
said decryption is performed according to 

the triple data encryption standard (3DES)." 
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The teachings of Ellington et al suggest such limitations (ABSTRACT, col. 3,lines 1-54, col. 
4,lines 25-col. 5,line 21, figures 3-11 and associated descriptions, whereas the determination of a 
frame as being IP frame or an IPSec frame via the MAC header and protocol field in the IP 
header as examined in the data link control layer (i.e., col. 3, lines 17-54) and said IPSec 
inherently uses Security association management (SA) and key exchange (i.e., first security 
policy) in support of the associated encryption/decryption cryptographic functions (i.e., col. 
5,lines 13-21, (RFC) 2401, "Security Architecture for the Internet Protocol" where the 
encryption/decryption cryptographic functions include; DES and triple DES), clearly 
encompasses the claimed limitations as broadly interpreted by the examiner.). 

As per claim 18, this claim is the apparatus/system for the method claim 5 above, and is 
rejected for the same reasons provided for the claim 5 rejection; "The system of claim 16, 
wherein 

said security processing modules comprise 

a module for performing decryption according to the 3 DES." 

1 1 . Claim 7 additionally recites the limitation that; "The method of claim 2, wherein 
said step (e) comprises 

decryption of data in the packet.". 
The teachings of Ellington et al suggest such limitations (ABSTRACT, col. 3,lines 1-54, col. 
4,lines 25-col. 5,line 21, figures 3-1 1 and associated descriptions, whereas the determination of a 
frame as being EP frame or an IPSec frame via the MAC header and protocol field in the IP 
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header as examined in the data link control layer (i.e., col. 3,lines 17-54) and said IPSec 
inherently uses Security association management (SA) and key exchange (i.e., first security 
policy) in support of the associated encryption/decryption cryptographic functions (i.e., col. 
5,lines 13-21, (RFC) 2401, "Security Architecture for the Internet Protocol" 1 where the 
encryption/decryption cryptographic functions include; DES and triple DES), clearly 
encompasses the claimed limitations as broadly interpreted by the examiner.). 

12. Claim 8 additionally recites the limitation that; 'The method of claim 7, wherein 
said decryption is performed according to 

the DES.". 

The teachings of Ellington et al suggest such limitations (ABSTRACT, col. 3,lines 1-54, col. 
4,lines 25-col. 5,line 21, figures 3-1 1 and associated descriptions, whereas the determination of a 
frame as being IP frame or an IPSec frame via the MAC header and protocol field in the IP 
header as examined in the data link control layer (i.e., col. 3, lines 17-54) and said IPSec 
inherently uses Security association management (SA) and key exchange (i.e., first security 
policy) in support of the associated encryption/decryption cryptographic functions (i.e., col. 
5,lines 13-21, (RFC) 2401, "Security Architecture for the Internet Protocol" where the 
encryption/decryption cryptographic functions include; DES and triple DES), clearly 
encompasses the claimed limitations as broadly interpreted by the examiner.). 

13. Claim 9 additionally recites the limitation that; "The method of claim 7, wherein 
said decryption is performed according to 
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the 3DES 

The teachings of Ellington et al suggest such limitations (ABSTRACT, col. 3,lines 1-54, col. 
4,lines 25-col. 5, line 21, figures 3-1 1 and associated descriptions, whereas the determination of a 
frame as being IP frame or an IPSec frame via the MAC header and protocol field in the IP 
header as examined in the data link control layer (i.e., col. 3, lines 17-54) and said IPSec 
inherently uses Security association management (SA) and key exchange (i.e., first security 
policy) in support of the associated encryption/decryption cryptographic functions (i.e., col. 
5,lines 13-21, (RFC) 2401, "Security Architecture for the Internet Protocol" where the 
encryption/decryption cryptographic functions include; DES and triple DES), clearly 
encompasses the claimed limitations as broadly interpreted by the examiner.). 

14. Claim 1 1 additionally recites the limitation that; "The method of claim 2, wherein 
said step (e) comprises 

authentication of the data packet.". 
The teachings of Ellington et al suggest such limitations (ABSTRACT, col. 3,lines 1-54, col. 
4,lines 25-col. 5,line 21, figures 3-1 1 and associated descriptions, whereas the determination of a 
frame as being IP frame or an IPSec frame via the MAC header and protocol field in the IP 
header as examined in the data link control layer (i.e., col. 3, lines 17-54) and said IPSec 
inherently uses Security association management (SA) and key exchange (i.e., first security 
policy) in support of the associated authentication/encryption/decryption cryptographic functions 
(i.e., col. 5,lines 13-21, (RFC) 2401, "Security Architecture for the Internet Protocol", section 
4.4.1 "The Security Policy Database", where the authentication/encryption/decryption 
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cryptographic functions include; AH use of SHA-1/HMAC ), clearly encompasses the claimed 
limitations as broadly interpreted by the examiner.). 

15. As per claim 12; this claim is the intended use embodiment of claim 1 1 above, and is 
rejected for the same reasons provided for the claim 1 1 rejection (A recitation directed to the 
manner in which a claimed apparatus is intended to be used does not distinguish the claimed 
apparatus from the prior art if prior art has the capability to do so perform (See MPEP 2114 
and Ex Parte Masham, 2 USPQ2d 1647 (1987)). The prior art is replete with references 
disclosing generally algorithm/software implemented equivalent embodiments such as that 
implemented using the Multilayer Modular Hashing (MMH) algorithm derivative of the 
associated (RFC) 2401, "Security Architecture for the Internet Protocol" standard of Ellington et 
al)\ "The method of claim 11, wherein 

said authentication comprises 

application of the Multilayer Modular Hashing (MMH) algorithm.". 

16. Claim 13 additionally recites the limitation that; "The method of claim 11, wherein 
said authentication comprises 

application of the Hash-based Message Authentication Code (HMAC) Secure 
Hash Algorithm (SHA)-1.'\ 
The teachings of Ellington et al suggest such limitations (ABSTRACT, col. 3,lines 1-54, col. 
4,lines 25-col. 5,line 21, figures 3-1 1 and associated descriptions, whereas the determination of a 
frame as being IP frame or an IPSec frame via the MAC header and protocol field in the IP 
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header as examined in the data link control layer (i.e., col. 3, lines 17-54) and said IPSec 
inherently uses Security association management (SA) and key exchange (i.e., first security 
policy) in support of the associated authentication/encryption/decryption cryptographic functions 
(i.e., col. 5,lines 13-21, (RFC) 2401, "Security Architecture for the Internet Protocol", section 
4.4. 1 "The Security Policy Database", where the authentication/encryption/decryption 
cryptographic functions include; AH use of SHA-1/HMAC ), clearly encompasses the claimed 
limitations as broadly interpreted by the examiner.). 

As per claim 20, this claim is the apparatus/system for the method claim 13 above, and is 
rejected for the same reasons provided for the claim 13 rejection; "The system of claim 16, 
wherein 

said security processing modules comprise 

a module for performing HMAC authentication.". 

17. Claim 14 additionally recites the limitation that; "The method of claim 2, wherein 
said step (e) comprises 

re-encryption of decrypted data from the packet.". 
The teachings of Ellington et al suggest such limitations (ABSTRACT, col. 3,lines 1-54, col. 
4,lines 25-col. 5,line 21, figures 3-11 and associated descriptions, whereas the determination of a 
frame as being IP frame or an IPSec frame via the MAC header and protocol field in the IP 
header as examined in the data link control layer (i.e., col. 3, lines 17-54) and said IPSec 
inherently uses Security association management (SA) and key exchange (i.e., first security 
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policy) in support of the associated encryption/decryption cryptographic functions (i.e., col. 
5,lines 13-21, (RFC) 2401, "Security Architecture for the Internet Protocol" where the 
encryption/decryption cryptographic functions include; DES and triple DES), clearly 
encompasses the claimed limitations as broadly interpreted by the examiner.). 

18. As per claim 15; this claim is the intended use embodiment of claim 14 above, and is 
rejected for the same reasons provided for the claim 14 rejection (A recitation directed to the 
manner in which a claimed apparatus is intended to be used does not distinguish the claimed 
apparatus from the prior art if prior art has the capability to do so perform (See MPEP 2114 
and Ex Parte Masham, 2 USPQ2d 1647 (1987)). The prior art is replete with references 
disclosing generally algorithm/software implemented equivalent embodiments such as that 
implemented using the Advanced Encryption Standard (AES) derivative of the associated (RFC) 
2401, "Security Architecture for the Internet Protocol" standard of Ellington et al)\ "The method 
of claim 14, wherein 

said re-encryption comprises 

encryption performed according to the Advanced Encryption Standard (AES).". 

19. Claim 21 additionally recites the limitation that; "The method of claim 3, wherein 
said decryption is performed in 

application layer processing.". 
The teachings of Ellington et al suggest such limitations (ABSTRACT, col. 3,lines 1-54, col. 
4,lines 25-col. 5,line 21, figures 3-11 and associated descriptions, whereas the determination of a 
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frame as being IP frame or an IPSec frame via the MAC header and protocol field in the IP 
header as examined in the data link control layer (i.e., col. 3, lines 17-54) and said IPSec 
inherently uses Security association management (SA) and key exchange (i.e., first security 
policy) in support of the associated encryption/decryption cryptographic functions (i.e., col. 
5,lines 13-21, (RFC) 2401, "Security Architecture for the Internet Protocol" where the 
encryption/decryption cryptographic functions include; DES and triple DES), clearly 
encompasses the claimed limitations as broadly interpreted by the examiner.). 

20. Claim 22 additionally recites the limitation that; "The method of claim 11, wherein 

said authentication is performed in 

application layer processing". 

The teachings of Ellington et al suggest such limitations (ABSTRACT, col. 3,lines 1-54, 
col. 4,lines 25-col. 5,line 21, figures 3-1 1 and associated descriptions, whereas the determination 
of a frame as being IP frame or an EPSec frame via the MAC header and protocol field in the IP 
header as examined in the data link control layer (i.e., col. 3, lines 17-54) and said IPSec 
inherently uses Security association management (SA) and key exchange (i.e., first security 
policy) in support of the associated authentication/encryption/decryption cryptographic functions 
(i.e., col. 5,lines 13-21, (RFC) 2401, "Security Architecture for the Internet Protocol", section 
4.4. 1 "The Security Policy Database", where the authentication/encryption/decryption 
cryptographic functions include; AH use of SHA-1/HMAC ), clearly encompasses the claimed 
limitations as broadly interpreted by the examiner.). 



Application/Control Number: 10/053,904 
Art Unit: 2136 



Page 16 



Conclusion 



21 . Any inquiry concerning this communication or earlier communications from examiner 
should be directed to Ronald Baum, whose telephone number is (571) 272-3861, and whose 
unofficial Fax number is (571) 273-3861. The examiner can normally be reached Monday 
through Thursday from 8:00 AM to 5:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh, can be reached at (571) 272-3795. The Fax number for the organization 
where this application is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. For more information for 
unpublished applications is available through Private PAIR only. For more information about the 
PAIR system, see http://pair-direct.uspto.gov . Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 





